[Dshield] vunerability windows

Jonathan C. Webster jwebster03 at snet.net
Fri Feb 6 18:26:41 GMT 2004



Alan Frayer wrote:
> We were forced to notify recipients when a
> virus was intercepted heading their way, 

Hello,

Is a related issue of FAKE notifications of sending mydoom.a relevant?

In the past weeks I have received two such, claiming I sent Mydoom.A loaded emails to an address in 
.tw and one in .au. I did neither.  The commonality in these was the Message-Id. (BTW I run Linux on 
both boxes in my tiny network.)


Message-Id: <20040129080338.1227660029 at services.ibab.ac.in>
and
Message-Id: <20040206061034.CA8966007C at services.ibab.ac.in>

So is ibab.ac.in likely the source of the fake notices, or are they stopping email with spoofed 
addresses that really did carry Mydoom.A ?

Jonathan Webster




More information about the list mailing list